On Wed, Oct 20, 2021 at 12:43:55PM -0500, Eric W. Biederman wrote:
> The function save_v86_state is only called when userspace was
> operating in vm86 mode before entering the kernel. Not having vm86
> state in the task_struct should never happen. So transform the hand
> rolled BUG_ON into an actual BUG_ON to make it clear what is
> happening.
If this is actually not a state userspace can put itself into:
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
Otherwise, this should be a WARN+kill.
>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Cc: x86@xxxxxxxxxx
> Cc: H Peter Anvin <hpa@xxxxxxxxx>
> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> ---
> arch/x86/kernel/vm86_32.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
> index e5a7a10a0164..63486da77272 100644
> --- a/arch/x86/kernel/vm86_32.c
> +++ b/arch/x86/kernel/vm86_32.c
> @@ -106,10 +106,8 @@ void save_v86_state(struct kernel_vm86_regs *regs, int retval)
> */
> local_irq_enable();
>
> - if (!vm86 || !vm86->user_vm86) {
> - pr_alert("no user_vm86: BAD\n");
> - do_exit(SIGSEGV);
> - }
> + BUG_ON(!vm86 || !vm86->user_vm86);
> +
> set_flags(regs->pt.flags, VEFLAGS, X86_EFLAGS_VIF | vm86->veflags_mask);
> user = vm86->user_vm86;
>
> --
> 2.20.1
>
--
Kees Cook
